National Authority for Electronic Certification and Cyber Security

On May 12, 2017, there was a cyberattack in at least 150 different countries, cyber security experts say it was the WannaCry - ransomware virus, which has affected over 200,000 "victims", most of them businesses including large ranks.The ransomware is the ability to spread without being activated by the user, by using Remote Code Execution and among its most popular versions are: WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.

To secure your devices against a possible ransomware attack, please take the following countermeasures:

  • System administrators should apply security updates on network devices that they use to protect their infrastructure (eg IPS / IDS)

  • The institution IT should disconnect computer in which a ransomware is executed from the network.

  • Make Back-Up of all data, including documents, images, videos, and so on.

  • Install the Microsoft Windows updates published on Mars MS17-010.

  • Install and update the latest version of antivirus.

  • Disable if necessary the Server Message Block (SMB) and Remote Desktop Protocol (RDP) services.

  • Do not click on links or documents attached to e-mails by unknown people and containing documents with ".exe, .docm, .js, .vbs, .zip" extras.

    On May 22, 2017, Microsoft released the Windows Malicious Software Removal Tool (MSRT), which detects and cleans the device from Ransomware WannaCry, on computers running Windows 10, Windows 8.1, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 7, or Windows Server 2008. Before MSRT is executed, detect potential malware through various scanning platforms like Microsoft Security Scanner.